Session Initiation Protocol (SIP) is an application-layer signaling and control protocol for creating, modifying and terminating sessions, including Internet telephone calls, multimedia distribution and multimedia conferences. Flexible, extensible and open, SIP has a complete security mechanism that allows both media and signaling to be secured. The SIP RFC recommends the use of TLS or DTLS to provide an adequate level of protection against attacks. However, these protocols lack a way to provide a non-repudiation service when used in SIP networks to give a high level of trust between User Agents. In this paper we propose to modify and sign some header fields in SIP request messages in order to achieve a non-repudiation service over TLS/DTLS. To facilitate the implementation, portability and testing of our proposal, called SIP SIGN, the new messages will be created and processed by a redirect server named “Proxy Signatory”, placed between the User Agents and their local proxy servers. This “Proxy Signatory” gives the caller the ability to sign its SIP messages using certificates such as X.509, and the callee the ability to verify and validate the signature and the caller identity.